
How to reset TPM on NUC6i5SYH device

Vasudevara_K_Intel

Hi ,

When I try creating a primary key on a Linux OS based NUC6i5SYH, I get the following error:

./hierarchycontrol -hi p -he p

hierarchycontrol: failed, rc 000009a2

TPM_RC_BAD_AUTH - authorization failure without DA implications Session number 1

This is due to some auth password being set by BIOS! How do I clear the TPM from BIOS? There is no option to clear TPM in BIOS.

Can you provide steps to reset the TPM?

Thanks,

Vasu

0 Kudos
9 Replies
LeonWaksman
Super User

1. Disconnect power adapter cable.

2. Remove the bottom cover and remove the yellow security jumper.

3. Connect the power adapter and press the power button. NUC will boot into Configuration Menu. It takes about 30 sec.

4. Press (2) to reset passwords.

5. Power the NUC OFF. Disconnect the power adapter cable. Replace the security jumper (pins 1-2). Replace the bottom cover.

Leon

0 Kudos
Vasudevara_K_Intel

Thanks for the input Leon.

I followed the steps and cleared the password (option 2), and I followed the same steps for clearing the TPM (option 3).

I booted to Linux after clearing the passwords and TPM, but I am still facing the same issue.

I am not able to create a primary key.

Following is the command (I am using the IBM TSS 2.0 tools) and the error message:

./createprimary -hi p -tk printk.bin -ch prich.bin

hierarchycontrol: failed, rc 000009a2

TPM_RC_BAD_AUTH - authorization failure without DA implications Session number 1

The above error means auth is not NULL; I am not sure if BIOS is setting any auth password.

Or I may be missing something. I am very new to the TPM.

Can you provide appropriate steps to generate a primary key?

Thanks,

Vasu.

0 Kudos
idata
Employee

Hello devarao,

Thank you for your response.

Could you access the BIOS with F2, go to Boot > Secure Boot, select Secure Boot, and clear the secure boot data? Use F10 to exit and save changes; access the BIOS again and you should see that the security features would appear as not installed. Once this is done, uncheck Secure Boot and try the configuration that you are running on the operating system.

Best Regards,

Leonardo C.

0 Kudos
idata
Employee

Hello devarao,

I was checking your case and would like to know if you need further help. If so, please do not hesitate to reply.

Regards,

Leonardo C.

0 Kudos
Vasudevara_K_Intel

Hi Leonardo C,

I tried the steps given. I selected the Secure Boot option and cleared the secure boot data, and on the next boot I unchecked the Secure Boot option, but Security Features is still enabled. Please find the attached screen pics for reference. I still booted (the OS supports legacy boot, so I am booting in legacy mode; not sure if that makes any difference) and tried creating a primary key. It still shows the same error.

hierarchycontrol: failed, rc 000009a2

TPM_RC_BAD_AUTH - authorization failure without DA implications Session number 1

Thanks,

Vasu

0 Kudos
idata
Employee

Hello devarao,

Thank you for the information.

Not to assume anything, do you have BIOS version 0068 (latest) installed on your NUC? If you don't, please refer to the following link: https://downloadcenter.intel.com/download/28045/BIOS-Update-SYSKLi35-86A-?product=89190

You could update the BIOS following the steps on the following link: https://www.intel.com/content/www/us/en/support/articles/000005850/mini-pcs.html

Have you tried the following? Hope this helps.

Best Regards,

Leonardo C.

0 Kudos
idata
Employee

Hello devarao,

I was checking your case and would like to know if you need further help. If so, please do not hesitate to reply.

Regards,

Leonardo C.

0 Kudos
Harsha
Employee

Hi, I am getting this error:

WARNING:esys:../src/tss2-esys/api/Esys_Clear.c:282:Esys_Clear_Finish() Received TPM Error
ERROR:esys:../src/tss2-esys/api/Esys_Clear.c:97:Esys_Clear() Esys Finish ErrorCode (0x00000921)
ERROR: Esys_Clear(0x921) - tpm:warn(2.0): authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
ERROR: Unable to run tpm2_clear
Please clear the TPM before installing.

I tried the following on an Intel NUC8i7BEH:

Access BIOS with F2, go to Boot > Secure Boot, select Secure Boot, and clear the secure boot data. Use F10 to exit and save changes.

However, I am still observing this issue.

What further can be done now?

0 Kudos
Harsha
Employee

The solution provided above:

Removing the yellow security jumper and then in config mode clearing TPM works for me.

Thanks

0 Kudos
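
Added example, not part of any post above and not code from the IBM TSS or tpm2-tools projects: a small decoder for the two response codes quoted in this thread (000009a2 and 0x921), showing how the TPM 2.0 response-code bit fields yield "BAD_AUTH, session number 1" in one case and a dictionary-attack lockout warning in the other. The function names and the deliberately partial name tables are assumptions made for this example.

```python
# Added example: TPM 2.0 response-code decoder (bit layout per TPM 2.0 Library spec, Part 2).
# Name tables are deliberately partial: the codes seen in this thread plus two common ones.
FMT1_NAMES = {0x04: "TPM_RC_VALUE", 0x0E: "TPM_RC_AUTH_FAIL", 0x22: "TPM_RC_BAD_AUTH"}
WARN_NAMES = {0x21: "TPM_RC_LOCKOUT"}


def decode_rc(rc):
    """Split a TPM 2.0 response code into its fields and return them as a dict."""
    if rc == 0:
        return {"format": 0, "name": "TPM_RC_SUCCESS"}
    if rc & 0x080:  # bit 7 set: format-one, error is tied to a handle, session or parameter
        number = rc & 0x03F
        n = (rc >> 8) & 0xF
        if rc & 0x040:      # P bit: N is a parameter index (1-15)
            subject, index = "parameter", n
        elif n & 0x8:       # bit 11: low three bits of N are a session index
            subject, index = "session", n & 0x7
        else:
            subject, index = "handle", n & 0x7
        return {"format": 1, "number": number, "subject": subject, "index": index,
                "name": FMT1_NAMES.get(number, "unknown")}
    if not rc & 0x100:      # bit 8 clear: TPM 1.2 style code, not decoded here
        return {"format": 0, "number": rc, "name": "TPM 1.2 code"}
    number = rc & 0x07F     # format-zero: error number in bits 6:0
    warning = bool(rc & 0x800)   # S bit: warning rather than error
    vendor = bool(rc & 0x400)    # T bit: vendor-defined code, TCG names do not apply
    names = WARN_NAMES if warning and not vendor else {}
    return {"format": 0, "number": number, "warning": warning, "vendor": vendor,
            "name": names.get(number, "unknown")}


def describe(rc):
    """One-line summary in the style of the tool output quoted in the thread."""
    d = decode_rc(rc)
    text = f"rc {rc:08x}: {d['name']}"
    if d.get("subject"):
        text += f" ({d['subject']} number {d['index']})"
    if d.get("warning"):
        text += " (warning)"
    return text


if __name__ == "__main__":
    # Constructed input: the two codes quoted in the posts above.
    for code in (0x000009A2, 0x00000921):
        print(describe(code))
```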